Encryption

Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier. More than fifty U.S. insurance carriers are now offering cyber insurance policies. Even more impressively, many of these are focusing on small and mid-size businesses.

Today’s company networks comprise hundreds of devices: routers for directing data packets to the right receiver, firewall components for protecting internal networks from the outside world, and network switches. Such networks are extremely inflexible because every component, every router and every switch can carry out only the task it was manufactured for. If the network has to be expanded, the company has to integrate new routers, firewalls or switches and then program them by hand. This is why experts worldwide have been working on flexible networks of the future for the last five years or so, developing what is known as software-defined networking (SDN). It presents one disadvantage, however; it is susceptible to hacker attacks. Researchers have now developed a way to protect these future networks.

The privacy vs. security debate is heating up. Should messages on private devices be encrypted to protect our privacy? Will this dangerously hamper national and international security efforts? If we go the encryption route, are technologies being implemented fast enough to protect sensitive data from criminals?

The Chinese government’s cyberspace policy group in late 2014 approved a 22-page document which contained strict procurement rules for technology vendors. Those rules would require U.S. firms selling computer equipment in China to turn over sensitive intellectual property — including source codes — submit their products for “intrusive security testing,” and use Chinese encryption algorithms. U.S. companies selling equipment to Chinese banks will be required to set up research and development centers in China, get permits for workers servicing technology equipment, and build “ports” which allow Chinese officials to manage and monitor data processed by their hardware. U.S. tech companies charge that the new rules would make it easier for China to steal U.S. companies’ intellectual property.

Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve. Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based. The technical case for switching off encryption is thus simply a non-starter. In fact we are moving in the opposite direction, replacing the old, open Internet with one that incorporates security by design. If you wish to switch off encryption, it will unpick the stitching that holds the Internet together.

President Barack Obama, in anticipation of the 20 January State of the Union address, has been sharing details of his address to a generate buzz. This week, Obama will focus on cybersecurity initiatives, including identity theft and electronic privacy laws, aimed at protecting citizens and the private sector. Obama will also announce a policy package designed to provide affordable access to broadband Internet nationwide.

Credit card fraud and identify theft are serious problems for consumers and industries. Corporations and individuals work to improve safeguards, but it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution, as a team of researchers has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical “key” which is virtually impossible to thwart.

The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

Nuclear weapons exist, so control of nuclear weapons is essential. Intrinsic Use Control (IUC) is a concept which is capable of providing improved quantifiable safety and use control within a nuclear weapon. As a basic concept, use control is best accomplished in the weapon itself rather than depending on administrative controls, fences, and guards. Using established technology, IUC uses passive use control to resist any attacks or unauthorized use of a weapon at either the component or the fully assembled levels.

U.S. intelligence agencies have designated cyberattacks as the most alarming threat to national security. The federal government is spending roughly $10 billion a year to protect the nation’s digital infrastructure, but hackers, some sponsored by nation-states, are successfully infiltrating civilian and military networks.Professionals from DHS, the Pentagon, and private contractors all work together in U.S. cyber centers to detect, prevent, respond, and mitigate incoming and existing cyberattacks. Several of the U.S. top cybersecurity labs are housed in nondescript office buildings with no government seals or signs.

First disclosed in April 2014, Heartbleed presents a serious vulnerability to the popular OpenSSL (Secure Sockets Layer) software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug. A detailed analysis by cybersecurity experts found that Web site administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.

FBI director James Comey said that the agency was pushing lawmakers to mandate surveillance functions in apps, operating systems, and networks, arguing that privacy and encryption prevent or disrupt some of the agency’s investigations. According to Comey, new privacy features implemented by Google and Apple in the wake of the Snowden revelations, automatically encrypt user communication and data, making it difficult for law enforcement to gather evidence and connect links among suspected criminals and terrorists.

In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.

What information is beaming from your mobile phone over various computer networks this very second without you being aware of it? Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission. The apps downloaded to smartphones can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue. Assigning risk scores to apps may slow down unwarranted access to personal information.

With its new iOS 8 operating software, Apple is making it more difficult for law enforcement to engage in surveillance of users of iOS8 smartphones. Apple has announced that photos, e-mail, contacts, and other personal information will now be encrypted, using the user’s very own passwords — meaning that Apple will no longer be able to respond to government warrants for the extraction of data.

The long view

FBI director James Comey said that the agency was pushing lawmakers to mandate surveillance functions in apps, operating systems, and networks, arguing that privacy and encryption prevent or disrupt some of the agency’s investigations. According to Comey, new privacy features implemented by Google and Apple in the wake of the Snowden revelations, automatically encrypt user communication and data, making it difficult for law enforcement to gather evidence and connect links among suspected criminals and terrorists.